Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Add Omemo Encryption Support #37
Please add support for the new OMEMO XEP: http://xmpp.org/extensions/xep-0384.html
OMEMO is an XMPP Extension Protocol (XEP) for secure multi-client end-to-end encryption: http://conversations.im/omemo/ It offers Forward Secrecy and deniability while allowing you to keep the benefits of message synchronization and offline delivery.
OMEMO uses the Double Ratchet algorithm to establish secure sessions between every combination of devices: https://en.wikipedia.org/wiki/OMEMO
It's current support status in other XMPP clients is tracked here: http://www.omemo.top
Nothing new on the Swift side of things.
Maybe some background: OMEMO has not been standardized yet, and isn't quite there yet either. The non-standardized version currently used by other clients cannot be implemented in Swift due to licensing issues. There have been many discussions in the past months on how to get to a version that is broadly implementable, but no agreements have been reached yet. I hope this will change soon. Once things are unblocked there, the protocol still needs to be further discussed and defined (e.g. I think there are still some things missing to improve usability).
Hopefully, by the time the standard is ready for implementation (which nobody knows how long it will take), I will have a Swift implementation ready as well (although I can't promise anything at this point).
Hi, a bit of an update to the ticket on the standardisation side:
So, as Remko says, we're not currently where we need to be for Swift to be implementing it.
In the age of surveillance, when privacy is trampled daily, when EFF’s founder demise truly saddens and Signal’s ascent is encouraging, at this very time @Kev — without batting an eye — admits Swift’s priority is anything, but not keeping pace with how communication medium should be secured. Then delegates this crucial and sensitive task to the periphery at the mercy of random people. What a staggering vision!
As you can see in my history, I don't know how to code and I'm not a good contributor. I'm doing my best to improve it anyway !
But @Kev, prior to someone building an OMEMO plugin “without breaking anything else”, they should read your code structure without any specific documentation (AFAIK) and I doubt it will ever happen. Libreoffice has like less than 40 contributors, and although adding OMEMO to Swift would be a cool project, and make one's resume shine a little, I doubt someone will implement the OMEMO protocol – at least for free.
AFAIK, it doesn't only implement encrypted group chat but also encrypted file sharing and offline encryption (against OTR), and I specifically looked for Swift on https://omemo.top because I'd be downloading it now if you had implemented OMEMO. Although I understand that a lot of chat clients already implement this, and that your project may be somewhat different, but I'd like to be part of it without giving up either my contacts or everyone's E2E encryption in the group chat… (It's also worth noting that there's probably someone in the group who specifically uses XMPP for its encryption ! Should they give up the reasons why they're here for 70% of their communications, or just leave the group chat ?)
So if I had the honour of leading such an XMPP client I'd add a bounty on https://bountysource.com, this being said without, I hope, condescension or anything. I just think implementing OMEMO is important, not only for the encryption itself, but for everyone using other clients.
Best regards !